Unsurprisingly, the purported VIPRE app served is malware: another Boxer, to be specific, which we detect as Trojan.AndroidOS.Generic.A. It is also no surprise that the rest of the purported AV apps all have the same size (186.4kb), because they’re all just the same variant repackaged and named differently.

Here are some additional details worth noting:

SMS message sent to a premium number: “6745+14900162+x+a”

Package name: com.software.application

APK name: antivirus_install.apk

Dear Reader, please make sure that when you download apps for your Android phone, you’re downloading them from legitimate and official sites only.
Stay safe!
